New Malwarebytes Anti-Exploit Adds Fingerprinting Detection


We just released a new version of our Malwarebytes Anti-Exploit software, which is packed with new and advanced exploit detection and blocking techniques, making it the most complete anti-exploit product available on the market today.

New Features:

• Dynamic Anti-HeapSpraying mitigation
• Anti-Exploit fingerprinting mitigation
• Finetuned VBScript mitigation for IE
• ROP-RET gadget detection mitigation
• Application Behavior rules
• Protection for Microsoft Edge
• Protection for LibreOffice
• Failover upgrade mechanism
• Auto-recovery for Anti-Exploit service

One particular feature we are excited about is fingerprinting detection. As criminals try to hide their activity, they have been playing naughty games to blind us to their wrongdoing, including setting up large malvertising campaigns.

One way they have been doing it is to check whether the victim’s machine has our software installed and, if it does, to quietly exit:

[Image: MBAE_detect]

While this is great for our customers – the simple fact of having Malwarebytes installed means you are of no interest for the bad guys – it leaves us in the dark from the malicious activity going on.

We know that the most famous exploit kit, Angler, has been doing that, as have several rogue advertisers. But it is time for a change and for us to detect who is trying to detect us.

[Image: MBAE_vs_Angler]

The screen above shows the Angler exploit kit landing page which pokes fun at us with a couple of images showing our software. The new fingerprinting technique will now show a notification that the bad guys were there and attempted to exploit the machine.

However, we still detect Angler and its exploits regardless. Below is a test where we disable fingerprinting and each protection layer one by one (protip: don’t do this at home!) to block Angler EK at various levels.

IE exploit via VBScript

[Image: VBSript_block]

ROP Gadget attack

[Image: ROP]

Protecting our users while making the bad guys’ lives more difficult is something we take pride in. This year more than ever before, proactive tools to fend off drive-by download attacks via zero-days or quickly weaponized exploits are critical to your security posture.

Malwarebytes Anti-Exploit Version 1.08 is available for download today and will gradually be rolled out through automatic updates.

ABOUT THE AUTHOR

Jérôme Segura

Sr Director, Research